NaCl.Core, a cryptography library for .NET
November 29, 2025 ยท View on GitHub
Introduction
NaCl.Core is a managed-only cryptography library for .NET which provides modern cryptographic primitives.
Currently supported:
| Crypto | Description |
|---|---|
| Salsa20 | A high-speed stream cipher part of the family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project |
| ChaCha20 | A high-speed stream cipher based on Salsa20 |
| XChaCha20 | Based on ChaCha20 IETF with extended nonce (192-bit instead of 96-bit) |
| Poly1305 | A state-of-the-art secret-key message-authentication code (MAC) based on RFC8439 |
| ChaCha20Poly1305 | An Authenticated Encryption with Associated Data (AEAD) algorithm; IETF variant as defined in RFC8439 and in its predecessor RFC7539 |
| XChaCha20Poly1305 | A variant of ChaCha20-Poly1305 that utilizes the XChaCha20 construction in place of ChaCha20; as defined in the RFC Draft |
Installation
Install the NaCl.Core NuGet package from the .NET CLI using:
dotnet add package NaCl.Core
or from the NuGet package manager:
Install-Package NaCl.Core
Or alternatively, you can add the NaCl.Core package from within Visual Studio's NuGet package manager.
Daily NuGet builds of the project are also available in the Azure Artifacts feed:
https://pkgs.dev.azure.com/idaviddesmet/NaCl.Core/_packaging/NaCl.Core-CI/nuget/v3/index.json
Usage
Symmetric Key Encryption
// Create the primitive (implements IDisposable for secure key cleanup)
using var aead = new ChaCha20Poly1305(key);
// Use the primitive to encrypt a plaintext
aead.Encrypt(nonce, plaintext, ciphertext, tag, aad);
// ... or to decrypt a ciphertext
aead.Decrypt(nonce, ciphertext, tag, plaintext, aad);
Note: All cipher classes (
ChaCha20,XChaCha20,Salsa20,XSalsa20,ChaCha20Poly1305,XChaCha20Poly1305) implementIDisposable. CallDispose()or useusingstatements to securely zero the key from memory when done.
MAC (Message Authentication Code)
// Use the primitive to compute a tag
Poly1305.ComputeMac(key, data, tag);
// ... or to verify a tag
Poly1305.VerifyMac(key, data, tag);
Test Coverage
- Includes the mandatory RFC test vectors.
- Project Wycheproof by members of Google Security Team, for testing against known attacks (when applicable).
Performance
Refer to the benchmarks for performance numbers.
Run the benchmarks using:
dotnet run -c Release --framework net9.0
dotnet run -c Release --framework net9.0 --filter "*ChaCha20IntrinsicsBenchmark*"
Learn More
- ChaCha, a variant of Salsa20 by Daniel J. Bernstein.
- The Poly1305-AES message-authentication code by Daniel J. Bernstein.
- ChaCha20 and Poly1305 for IETF Protocols RFC.
- Salsa20, also known as Snuffle 2005, uses the Salsa20 core to encrypt data.
- XSalsa20, an extended-nonce Salsa20 variant used in NaCl.
- XChaCha20-Poly1305, an extended-nonce ChaCha20-Poly1305 IETF variant.